<?php
/* Sandbox v0.5-1.0b
* Copyright (c) 2006-2007
* Sam O'Connor (Kiasyn) http://www.kiasyn.com
*
* Additions to Sandbox after 1.0:
* Copyright (c) 2007-2010
* Roger Libiez [Samson] http://www.iguanadons.net
*
* This software is provided 'as-is', without any express or implied warranty.
* In no event will the authors be held liable for any damages arising from the
* use of this software.
*
* Permission is granted to anyone to use this software for any purpose,
* including commercial applications, and to alter it and redistribute it freely,
* subject to the following restrictions:
*
* 1. The origin of this software must not be misrepresented; you must not claim
* that you wrote the original software. If you use this software in a product,
* an acknowledgment in the product documentation is required.
*
* 2. Altered source versions must be plainly marked as such, and must not be
* misrepresented as being the original software.
*
* 3. This notice may not be removed or altered from any source distribution.
*
* 4. You must make an effort to notify the author (Sam O'Connor) at the email
* address hide@address.com if you plan on publicly distributing a derivative
* of this software, whether by email, download or a form of disk/disc.
*
* Notifying Roger Libiez is not required but would still be appreciated :)
*/
// Direct-access guard: answer 403 and stop unless both SANDBOX and SANDBOX_ADM
// are defined (presumably by the admin entry script, which is not visible here).
if ( !( defined('SANDBOX') && defined('SANDBOX_ADM') ) ) {
	header('HTTP/1.0 403 Forbidden');
	exit;
}
class gallery extends module
{
var $folder_array; // Used to generate folder trees
/**
 * Dispatch the request to the handler named by the "s" query parameter.
 *
 * @return mixed Output of the selected handler, or a notice when "s" is
 *               missing or matches no known action.
 */
function execute()
{
	// The property is bound by reference to a function-static variable, so the
	// value persists across calls to execute(). false means "not loaded yet".
	static $folder_array = false;
	$this->folder_array = &$folder_array;

	if ( isset($this->get['s']) )
	{
		$section = $this->get['s'];
		switch ( $section )
		{
			case 'Delete':
				return $this->show_images( 'Delete' );
			case 'Edit':
				return $this->show_images( 'Edit' );
			case 'upload':
				return $this->upload_image();
			case 'Deleteimage':
				return $this->delete_image();
			case 'createfolder':
				return $this->create_folder();
			case 'Editimage':
				return $this->edit_image_info();
			case 'editfolder':
				return $this->edit_folder();
			case 'deletefolder':
				return $this->delete_folder();
		}
	}

	// Reached when "s" is absent or names no known action.
	return $this->message( 'Image Gallery', 'Sorry, you need to specify an action to use this module.' );
}
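/**
 * Render the thumbnail browser for one folder. Each thumbnail links to the
 * per-image handler for the given action.
 *
 * @param string $action 'Delete' or 'Edit' as passed by execute(); it is placed
 *                       in links and in the summary line.
 * @return mixed Rendered GalleryFolder block, or a notice when a non-root
 *               folder id matches no row.
 */
function show_images($action)
{
	$this->title( 'Show Images' );

	$f = isset($this->get['f']) ? intval($this->get['f']) : 0;
	$this_folder = $this->db->quick_query( "SELECT * FROM {$this->pre}photofolders WHERE folder_id=$f" );

	// An unknown non-root id would otherwise be indexed as if it were a row.
	if ( $f != 0 && !$this_folder )
		return $this->message( 'Image Gallery', 'No such folder.' );
	if ( $f != 0 )
		$this->title( $this_folder['folder_name'] );

	$xtpl = new XTemplate( './skins/' . $this->skin . '/gallery_folder.xtpl' );
	$xtpl->assign( 'tree', $this->build_folder_list($f, $action) );
	$xtpl->assign( 'imgsrc', $this->settings['site_address'] . 'skins/' . $this->skin );

	// Use the accessor so the list is loaded regardless of call order.
	$folders = $this->folder_array();
	foreach ( $folders as $folder )
	{
		if ( $folder['folder_parent'] != $f )
			continue;

		$id = $folder['folder_id'];

		// Don't display a folder link for root
		if ( $id == 0 )
			continue;

		// Non-admins only see sub-folders they own.
		if ( $this->user['user_id'] != $folder['folder_user'] && $this->user['user_level'] < USER_ADMIN )
			continue;

		$xtpl->assign( 'name', htmlspecialchars($folder['folder_name']) );
		$xtpl->assign( 'parent', "admin.php?a=gallery&s=$action&f={$folder['folder_id']}" );
		$xtpl->parse( 'GalleryFolder.Link' );
	}

	$list = $this->build_file_list( $f, $this_folder, $action );
	foreach ( $list as $item )
	{
		// build_file_list() starts its list with an empty placeholder row.
		if ( !isset($item['name']) )
			continue;

		$item_name = $item['name'];
		if ( strlen( $item_name ) > 23 )
			$item_name = substr( $item_name, 0, 20 ) . '...';
		$xtpl->assign( 'item_name', htmlspecialchars($item_name) );

		// A thumbnail that is missing or unreadable must not break the listing.
		$thumb_path = './' . $item['src'];
		$thumb_info = is_file( $thumb_path ) ? getimagesize( $thumb_path ) : false;
		$xtpl->assign( 'imgWH', $thumb_info ? $thumb_info[3] : '' );

		$xtpl->assign( 'item_src', htmlspecialchars($item['src']) );
		// photo_type was taken from an uploaded file name, so escape it like the other text fields.
		$xtpl->assign( 'item_type', htmlspecialchars($item['type']) );
		$xtpl->assign( 'item_dimensions', $item['dimensions'] );
		$xtpl->assign( 'item_size', $item['size'] );
		$xtpl->assign( 'item_link', $item['link'] );
		$xtpl->assign( 'item_num', $item['num'] );
		$xtpl->parse( 'GalleryFolder.Thumbnail' );
	}

	// Yes, this is legit. Tricking the template into displaying the action text.
	$xtpl->assign( 'folder_summary', $action . ' which of these images?' );
	$xtpl->assign( 'folder_name', htmlspecialchars( $this_folder ? $this_folder['folder_name'] : '' ) );

	$xtpl->parse( 'GalleryFolder' );
	return $xtpl->text( 'GalleryFolder' );
}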
/**
 * Return every photofolders row keyed by folder_id, loading the list on first
 * use and reusing it afterwards.
 *
 * @return array Folder rows, in folder_name order, keyed by folder_id.
 */
function folder_array()
{
	// Anything other than false means the list has already been loaded.
	if ( $this->folder_array !== false )
		return $this->folder_array;

	$this->folder_array = array();
	$rows = $this->db->query( "SELECT * FROM {$this->pre}photofolders ORDER BY folder_name" );
	while ( $row = $this->db->assoc($rows) )
		$this->folder_array[$row['folder_id']] = $row;

	return $this->folder_array;
}
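/**
 * Build the breadcrumb HTML shown above a folder listing.
 *
 * @param int    $fd     Folder being viewed; 0 is the root.
 * @param string $action Action name placed in each link ('Delete' or 'Edit' when called from show_images()).
 * @return string HTML fragment: a Root link, one link per ancestor, then the current folder name.
 */
function build_folder_list( $fd, $action )
{
	$folders = $this->folder_array();

	$folder_list = "» <a href=\"admin.php?a=gallery&s=$action\">Root</a>";

	// Skip the trail when the id is unknown instead of indexing a missing row.
	if ( $fd != 0 && isset($folders[$fd]) )
	{
		// folder_tree holds the ancestor ids as a comma-separated list.
		$parents = explode( ',', $folders[$fd]['folder_tree'] );
		foreach ( $parents as $parent )
		{
			if ( !isset($folders[$parent]) || $folders[$parent]['folder_id'] == 0 )
				continue;

			// Folder names are user-supplied text and go straight into markup: escape them.
			$folder_list .= "» <a href=\"admin.php?a=gallery&s=$action&f=$parent\">";
			$folder_list .= htmlspecialchars($folders[$parent]['folder_name']) . '</a>';
		}

		$folder_list .= ' » ' . htmlspecialchars($folders[$fd]['folder_name']);
	}

	return $folder_list;
}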
/**
 * Collect display data for the photos in one folder that the current user may manage.
 *
 * @param int    $f           Folder id, interpolated into the query as-is (show_images() passes an intval() result).
 * @param mixed  $this_folder Taken by reference but not read or written here.
 * @param string $action      Action name; "image" is appended to it to form each item link.
 * @return array List whose first entry is an empty array, followed by one entry per visible photo.
 */
function build_file_list( $f, &$this_folder, $action )
{
	// The list opens with an empty placeholder entry; show_images() skips entries without a 'name'.
	$list = array( array() );

	$is_admin = !( $this->user['user_level'] < USER_ADMIN );

	$result = $this->db->query(
		"\nSELECT photo_id, photo_user, photo_caption, photo_md5name, photo_type, photo_size, photo_width, photo_height\n"
		. "FROM {$this->pre}photogallery\n"
		. "WHERE photo_folder=$f"
	);

	while ( $photo = $this->db->assoc( $result ) )
	{
		// Non-admins only get their own photos.
		if ( !$is_admin && $this->user['user_id'] != $photo['photo_user'] )
			continue;

		$entry = array();
		$entry['name'] = $photo['photo_caption'];
		$entry['num'] = '';
		$entry['class'] = 'thumbnail';
		$entry['src'] = $this->thumb_dir . $photo['photo_md5name'] . '.' . $photo['photo_type'];
		$entry['type'] = $photo['photo_type'];
		$entry['link'] = 'admin.php?a=gallery&s=' . $action . 'image&p=' . $photo['photo_id'];
		// Size is reported in whole kilobytes, rounded up.
		$entry['size'] = ceil( $photo['photo_size'] / 1024 );
		$entry['dimensions'] = $photo['photo_width'] . 'x' . $photo['photo_height'];

		$list[] = $entry;
	}

	return $list;
}
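/**
 * Show the edit form for one image, or apply a submitted edit, optionally
 * replacing the stored file.
 *
 * Only the image owner or an admin may proceed, and a submitted form must
 * carry a valid security token.
 *
 * @return mixed Rendered form, a status message, or an error page.
 */
function edit_image_info( )
{
	$this->title( 'Edit Image' );

	// The id comes from the query string, or from the posted form as a fallback.
	$p = 0;
	if ( isset( $this->get['p'] ) )
		$p = intval( $this->get['p'] );
	else if ( isset( $this->post['p'] ) )
		$p = intval( $this->post['p'] );

	$photo = $this->db->quick_query(
		"\nSELECT photo_id, photo_user, photo_caption, photo_summary, photo_details, photo_md5name, photo_type, photo_folder,\n"
		. "photo_size, photo_width, photo_height, photo_flags\n"
		. "FROM {$this->pre}photogallery\n"
		. "WHERE photo_id=$p"
	);

	if ( !$photo )
		return $this->message( 'Edit Image', 'No such image.' );

	if ( $this->user['user_level'] < USER_ADMIN && $photo['photo_user'] != $this->user['user_id'] )
		return $this->error( 'Access Denied: You do not own the image you are trying to edit.' );

	if ( isset( $this->post['submit'] ) )
	{
		if ( !$this->is_valid_token() ) {
			return $this->error( 'Invalid or expired security token. Please go back, reload the form, and try again.' );
		}

		if ( isset( $this->files['image_file'] ) && $this->files['image_file']['error'] == UPLOAD_ERR_OK )
		{
			$upload = $this->files['image_file'];
			$fname = $upload['tmp_name'];

			// Only the final extension counts, and it must equal an allow-listed value
			// exactly: it becomes part of the stored file name and of the SQL text below.
			$ext = strtolower( pathinfo( $upload['name'], PATHINFO_EXTENSION ) );
			if ( !in_array( $ext, array( 'jpg', 'jpeg', 'png', 'gif' ), true ) )
				return $this->message( 'Update Image', 'Invalid file type ' . htmlspecialchars($ext) . '. Valid file types are jpg, png and gif.' );

			// The name alone proves nothing about the content, so check that the
			// file parses as one of the accepted image formats before storing it.
			$probe = getimagesize( $fname );
			if ( $probe === false || !in_array( $probe[2], array( IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG ), true ) )
				return $this->message( 'Update Image', 'The uploaded file is not a valid jpg, png or gif image.' );

			$md5 = md5( $upload['name'] . time() );
			$name = $md5 . '.' . $ext;
			$new_fname = $this->gallery_dir . $name;

			if ( !move_uploaded_file( $fname, $new_fname ) )
				return $this->message( 'Update Image', 'Image failed to upload!' );

			// The size is written into the query unquoted, so force it to an integer.
			$size = intval( $upload['size'] );
			$image = $this->createthumb( $new_fname, $this->thumb_dir . $name, $ext, $this->settings['gallery_thumb_w'], $this->settings['gallery_thumb_h'] );

			$this->db->query(
				"UPDATE {$this->pre}photogallery\n"
				. "SET photo_md5name='$md5', photo_size=$size, photo_width='{$image['width']}', photo_height='{$image['height']}', photo_type='$ext'\n"
				. "WHERE photo_id=$p"
			);

			chmod( $new_fname, 0644 );
			chmod( $this->thumb_dir . $name, 0644 );

			// Best-effort removal of the files the new upload replaces.
			@unlink( $this->thumb_dir . "{$photo['photo_md5name']}.{$photo['photo_type']}" );
			@unlink( $this->gallery_dir . "{$photo['photo_md5name']}.{$photo['photo_type']}" );
		}

		$caption = $this->db->escape($this->post['image_caption']);
		$details = $this->db->escape($this->post['image_details']);
		$summary = $this->db->escape($this->post['image_summary']);
		$folder = intval($this->post['image_folder']);

		// No flag box ticked means the field is absent from the post data.
		$flags = 0;
		if ( isset( $this->post['image_flags'] ) && is_array( $this->post['image_flags'] ) )
		{
			foreach ( $this->post['image_flags'] as $flag )
				$flags |= intval($flag);
		}

		$this->db->query(
			"UPDATE {$this->pre}photogallery SET photo_caption='$caption', photo_summary='$summary', photo_details='$details', photo_folder=$folder, photo_flags=$flags\n"
			. "WHERE photo_id=$p"
		);

		// The link goes back to the folder the image was in when the form was loaded.
		$link = 'admin.php?a=gallery&s=Edit&f=' . $photo['photo_folder'];
		return $this->message( 'Edit Image', 'Image information has been updated.', 'Continue', $link );
	}

	$xtpl = new XTemplate( './skins/' . $this->skin . '/AdminCP/gallery.xtpl' );

	$xtpl->assign( 'token', $this->generate_token() );
	$xtpl->assign( 'heading', 'Edit Image Information' );
	$xtpl->assign( 'action_link', 'admin.php?a=gallery&s=Editimage&p=' . $photo['photo_id'] );
	$xtpl->assign( 'site_root', $this->settings['site_address'] );
	$xtpl->assign( 'imgsrc', $this->gallery_dir . $photo['photo_md5name'] . '.' . $photo['photo_type'] );
	$xtpl->assign( 'replace', 'Replace ' );
	$xtpl->assign( 'folder_select', $this->folder_options( "image_folder", true, $photo['photo_folder'] ) );

	$xtpl->assign( 'caption', htmlspecialchars($photo['photo_caption']) );
	$xtpl->assign( 'summary', htmlspecialchars($photo['photo_summary']) );
	$xtpl->assign( 'details', htmlspecialchars($photo['photo_details']) );
	$xtpl->assign( 'width', $photo['photo_width'] );
	$xtpl->assign( 'height', $photo['photo_height'] );
	// Rows stored before the extension check was tightened may hold arbitrary text here.
	$xtpl->assign( 'type', htmlspecialchars($photo['photo_type']) );

	$xtpl->assign( 'pub', POST_PUBLISHED );
	$xtpl->assign( 'cls', POST_CLOSED );
	$xtpl->assign( 'ovr', POST_OVERRIDE );
	$xtpl->assign( 'mbo', POST_MEMBERSONLY );

	// Pre-tick each box whose bit is set in the stored flags.
	$flags = $photo['photo_flags'];
	$xtpl->assign( 'pubbox', $flags & POST_PUBLISHED ? " checked=\"checked\"" : null );
	$xtpl->assign( 'clsbox', $flags & POST_CLOSED ? " checked=\"checked\"" : null );
	$xtpl->assign( 'ovrbox', $flags & POST_OVERRIDE ? " checked=\"checked\"" : null );
	$xtpl->assign( 'mbobox', $flags & POST_MEMBERSONLY ? " checked=\"checked\"" : null );

	$xtpl->assign( 'bbcode_menu', $this->bbcode->get_bbcode_menu() );
	$xtpl->assign( 'comment_list', $this->list_comments( $p ) );

	$xtpl->parse( 'ImageForm.Edit' );
	$xtpl->parse( 'ImageForm' );
	return $xtpl->text( 'ImageForm' );
}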
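/**
 * Render the comments attached to a gallery image, with edit, delete and
 * spam-report links for each one.
 *
 * @param int $image_id Id of the image whose comments are listed.
 * @return string Rendered Comments block.
 */
function list_comments( $image_id )
{
	// The id is written into both the query and the link markup.
	$image_id = intval( $image_id );

	$comments = $this->db->query(
		"SELECT c.*, u.user_name FROM {$this->pre}blogcomments c\n"
		. "LEFT JOIN {$this->pre}users u ON u.user_id=c.comment_user\n"
		. "WHERE comment_post=$image_id AND comment_type=" . COMMENT_GALLERY
	);

	$xtpl = new XTemplate( './skins/' . $this->skin . '/AdminCP/post_comment_list.xtpl' );

	while ( $comment = $this->db->assoc($comments) )
	{
		$comment_id = intval( $comment['comment_id'] );

		$xtpl->assign( 'edit_link', '<a href="admin.php?a=posts&s=edit_comment&p=' . $image_id . '&c='. $comment_id . '">Edit Comment</a>' );
		$xtpl->assign( 'delete_link', '<a href="admin.php?a=posts&s=del_comment&p='. $image_id . '&c=' . $comment_id . '">Delete Comment</a>' );
		$xtpl->assign( 'spam_link', '<a href="admin.php?a=posts&s=del_comment&t=spam&p=' . $image_id . '&c=' . $comment_id . '">Report Spam</a>' );

		// Escape each displayed field exactly once. Escaping the whole row first
		// and then these fields again would show entities such as &amp;lt; on the page.
		// user_name is NULL when the LEFT JOIN finds no user row, hence the casts.
		$xtpl->assign( 'user_name', htmlspecialchars( (string) $comment['user_name'] ) );
		$xtpl->assign( 'user_ip', htmlspecialchars( (string) $comment['comment_ip'] ) );
		$xtpl->assign( 'comment_text', htmlspecialchars( (string) $comment['comment_message'] ) );

		$xtpl->parse( 'Comments.Entry' );
	}

	$xtpl->parse( 'Comments' );
	return $xtpl->text( 'Comments' );
}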
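/**
 * Show the upload form, or store a submitted image together with its
 * thumbnail and database row.
 *
 * A submitted form must carry a valid security token. The file is accepted
 * only when its final extension is allow-listed and its content parses as a
 * gif, jpeg or png image.
 *
 * @return mixed Rendered form, a status message, or an error page.
 */
function upload_image()
{
	if ( isset( $this->post['submit'] ) )
	{
		if ( !$this->is_valid_token() ) {
			return $this->error( 'Invalid or expired security token. Please go back, reload the form, and try again.' );
		}

		// A missing or failed upload has no usable temporary file to inspect.
		if ( !isset( $this->files['image_file'] ) || $this->files['image_file']['error'] != UPLOAD_ERR_OK )
			return $this->message( 'Upload Image', 'Image failed to upload!' );

		$caption = $this->db->escape( $this->post['image_caption'] );
		$summary = $this->db->escape( $this->post['image_summary'] );
		$details = $this->db->escape( $this->post['image_details'] );
		$folder = intval( $this->post['image_folder'] );

		$upload = $this->files['image_file'];
		$fname = $upload['tmp_name'];

		// Only the final extension counts, and it must equal an allow-listed value
		// exactly: it becomes part of the stored file name and of the SQL text below.
		$ext = strtolower( pathinfo( $upload['name'], PATHINFO_EXTENSION ) );
		if ( !in_array( $ext, array( 'jpg', 'jpeg', 'png', 'gif' ), true ) )
			return $this->message( 'Upload Image', 'Invalid file type ' . htmlspecialchars($ext) . '. Valid file types are jpg, png and gif.' );

		// The name alone proves nothing about the content, so check that the
		// file parses as one of the accepted image formats before storing it.
		$probe = getimagesize( $fname );
		if ( $probe === false || !in_array( $probe[2], array( IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG ), true ) )
			return $this->message( 'Upload Image', 'The uploaded file is not a valid jpg, png or gif image.' );

		$md5 = md5( $upload['name'] . time() );
		$name = $md5 . '.' . $ext;
		$new_fname = $this->gallery_dir . $name;

		if ( !move_uploaded_file( $fname, $new_fname ) )
			return $this->message( 'Upload Image', 'Image failed to upload!' );

		$size = intval( $upload['size'] );
		$image = $this->createthumb( $new_fname, $this->thumb_dir . $name, $ext, $this->settings['gallery_thumb_w'], $this->settings['gallery_thumb_h'] );

		// No flag box ticked means the field is absent from the post data.
		$flags = 0;
		if ( isset( $this->post['image_flags'] ) && is_array( $this->post['image_flags'] ) )
		{
			foreach ( $this->post['image_flags'] as $flag )
				$flags |= intval($flag);
		}

		chmod( $new_fname, 0644 );
		chmod( $this->thumb_dir . $name, 0644 );

		$this->db->query(
			"INSERT INTO {$this->pre}photogallery (photo_user,photo_caption,photo_summary,photo_folder,photo_md5name,photo_type,photo_width,photo_height,photo_size,photo_date,photo_flags,photo_details)\n"
			. "VALUES ({$this->user['user_id']},'$caption','$summary',$folder,'$md5','$ext','{$image['width']}','{$image['height']}','$size',{$this->time},$flags,'$details')"
		);

		return $this->message( 'Upload Image', 'Image uploaded.', 'Continue', 'admin.php' );
	}

	$xtpl = new XTemplate( './skins/' . $this->skin . '/AdminCP/gallery.xtpl' );

	$xtpl->assign( 'pub', POST_PUBLISHED );
	$xtpl->assign( 'cls', POST_CLOSED );
	$xtpl->assign( 'ovr', POST_OVERRIDE );
	$xtpl->assign( 'mbo', POST_MEMBERSONLY );

	// A new image starts with only the "published" box ticked.
	$xtpl->assign( 'clsbox', null );
	$xtpl->assign( 'ovrbox', null );
	$xtpl->assign( 'mbobox', null );
	$xtpl->assign( 'pubbox', ' checked="checked"' );

	$xtpl->assign( 'token', $this->generate_token() );
	$xtpl->assign( 'heading', 'Upload Image' );
	$xtpl->assign( 'action_link', 'admin.php?a=gallery&s=upload' );
	$xtpl->assign( 'site_root', $this->settings['site_address'] );
	$xtpl->assign( 'folder_select', $this->folder_options( "image_folder" ) );
	$xtpl->assign( 'bbcode_menu', $this->bbcode->get_bbcode_menu() );

	$xtpl->parse( 'ImageForm' );
	return $xtpl->text( 'ImageForm' );
}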
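/**
 * Show the delete confirmation for one image, or delete it together with
 * its files and comments once the form is submitted.
 *
 * Only the image owner or an admin may proceed, matching edit_image_info().
 * The deletion also requires a valid security token.
 *
 * @return mixed Rendered confirmation form, a status message, or an error page.
 */
function delete_image()
{
	if ( !isset($this->post['submit']) )
	{
		$p = isset($this->get['p']) ? intval($this->get['p']) : 0;

		$photo = $this->db->quick_query(
			"SELECT photo_id, photo_user, photo_md5name, photo_type\n"
			. "FROM {$this->pre}photogallery\n"
			. "WHERE photo_id=$p"
		);
		if ( !$photo )
			return $this->message( 'Delete Image', 'No such image.' );

		// Do not even offer the form for an image the user may not delete.
		if ( $this->user['user_level'] < USER_ADMIN && $photo['photo_user'] != $this->user['user_id'] )
			return $this->error( 'Access Denied: You do not own the image you are trying to delete.' );

		$xtpl = new XTemplate( './skins/' . $this->skin . '/AdminCP/gallery.xtpl' );

		$xtpl->assign( 'token', $this->generate_token() );
		$xtpl->assign( 'action_link', 'admin.php?a=gallery&s=Deleteimage&p=' . $p );
		$xtpl->assign( 'photo_id', $p );
		$xtpl->assign( 'imgsrc', $this->gallery_dir . $photo['photo_md5name'] . '.' . $photo['photo_type'] );

		$xtpl->parse( 'ImageDelete' );
		return $xtpl->text( 'ImageDelete' );
	}

	if ( isset($this->post['p']) )
	{
		if ( !$this->is_valid_token() ) {
			return $this->error( 'Invalid or expired security token. Please go back, reload the form, and try again.' );
		}

		$p = intval( $this->post['p'] );

		$photo = $this->db->quick_query(
			"SELECT photo_id, photo_user, photo_md5name, photo_type, photo_folder\n"
			. "FROM {$this->pre}photogallery\n"
			. "WHERE photo_id=$p"
		);
		if ( !$photo )
			return $this->message( 'Delete Image', 'No such image.' );

		// The posted id is chosen by the client, so ownership is checked again
		// here, immediately before anything is removed.
		if ( $this->user['user_level'] < USER_ADMIN && $photo['photo_user'] != $this->user['user_id'] )
			return $this->error( 'Access Denied: You do not own the image you are trying to delete.' );

		// Best-effort file removal; the database rows are deleted regardless.
		@unlink( $this->thumb_dir . "{$photo['photo_md5name']}.{$photo['photo_type']}" );
		@unlink( $this->gallery_dir . "{$photo['photo_md5name']}.{$photo['photo_type']}" );

		$this->db->query( "DELETE FROM {$this->pre}photogallery WHERE photo_id=$p" );
		$this->db->query( "DELETE FROM {$this->pre}blogcomments WHERE comment_post=$p AND comment_type=" . COMMENT_GALLERY );

		// execute() matches the action name 'Delete' with this capitalisation.
		$link = 'admin.php?a=gallery&s=Delete&f=' . $photo['photo_folder'];
		return $this->message( 'Delete Image', 'Image deleted.', 'Continue', $link );
	}

	return $this->message( 'Delete Image', 'No image selected.' );
}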
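/**
 * Build the display path of a folder, outermost ancestor first, joined with " » ".
 *
 * Every name is HTML-escaped, because the result is placed inside option
 * and link markup. The walk stops at a folder that is its own parent, at a
 * parent missing from $folders, or at a folder already visited, so a loop
 * in the parent links cannot hang the request.
 *
 * @param int   $folder_id Folder to describe.
 * @param array $folders   Map of folder id => array with 'name' and 'parent'; not modified.
 * @return string Escaped path, or '' when $folder_id is not in $folders.
 */
function build_foldertree( $folder_id, &$folders )
{
	$tree = array();
	$seen = array();
	$current = $folder_id;

	while ( isset($folders[$current]) && !isset($seen[$current]) )
	{
		$seen[$current] = true;
		array_unshift( $tree, htmlspecialchars($folders[$current]['name']) );

		$parent = $folders[$current]['parent'];
		// A folder that names itself as parent is the top of the chain.
		if ( $parent == $current )
			break;

		$current = $parent;
	}

	return implode( ' » ', $tree );
}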
/**
 * Build a select element listing the folders the current user may choose.
 *
 * Admins get every folder. Other users get their own folders, plus the root
 * folder (id 0) when $root is true.
 *
 * @param string $name      Value used for both the name and id attributes.
 * @param bool   $root      Whether the root folder (id 0) may be offered.
 * @param int    $select_id Folder id to mark as selected.
 * @param int    $exclude   Folder id to leave out of the list.
 * @return string HTML for the select element.
 */
function folder_options( $name = 'photo_folder', $root = true, $select_id = -1, $exclude = -1 )
{
	// The owner restriction is a WHERE clause of its own when the root is
	// allowed, and an extra AND condition when the root is already filtered out.
	$owner_clause = null;
	if ( $this->user['user_level'] < USER_ADMIN )
	{
		$owner_clause = $root
			? "WHERE folder_user={$this->user['user_id']} OR folder_id=0"
			: "AND folder_user={$this->user['user_id']}";
	}
	$root_clause = $root ? null : "WHERE folder_id!=0";

	$result = $this->db->query(
		"\nSELECT folder_id, folder_name, folder_parent\n"
		. "FROM {$this->pre}photofolders\n"
		. $root_clause
		. "\n$owner_clause\n"
		. "ORDER BY folder_parent"
	);

	$folders = array();
	while ( $row = $this->db->assoc($result) )
	{
		if ( $row['folder_id'] == $exclude )
			continue;
		$folders[$row['folder_id']] = array( "name" => $row['folder_name'], "parent" => $row['folder_parent'] );
	}

	$options = '';
	foreach ( array_keys($folders) as $id )
	{
		$selected = ( $id == $select_id ) ? " selected" : "";
		$options .= "<option value=\"$id\"" . $selected . ">" . $this->build_foldertree( $id, $folders ) . "</option>\n";
	}

	return "<select name=\"$name\" id=\"$name\">\n$options</select>";
}
/**
 * Render a page of folder links from which the user picks a folder to act on.
 *
 * Admins get every folder. Other users get their own folders, plus the root
 * folder (id 0) when $root is true.
 *
 * @param string $header Heading shown above the list.
 * @param string $link   URL prefix; each folder id is appended to it.
 * @param bool   $root   Whether the root folder (id 0) may be listed.
 * @return string Rendered FolderPick block.
 */
function folder_list( $header, $link, $root = true )
{
	// The owner restriction is a WHERE clause of its own when the root is
	// allowed, and an extra AND condition when the root is already filtered out.
	$owner_clause = null;
	if ( $this->user['user_level'] < USER_ADMIN )
	{
		$owner_clause = $root
			? "WHERE folder_user={$this->user['user_id']} OR folder_id=0"
			: "AND folder_user={$this->user['user_id']}";
	}
	$root_clause = $root ? null : "WHERE folder_id!=0";

	$result = $this->db->query(
		"\nSELECT folder_id, folder_name, folder_parent\n"
		. "FROM {$this->pre}photofolders\n"
		. $root_clause
		. "\n$owner_clause\n"
		. "ORDER BY folder_parent"
	);

	$folders = array();
	while ( $row = $this->db->assoc($result) )
		$folders[$row['folder_id']] = array( 'name' => $row['folder_name'], 'parent' => $row['folder_parent'] );

	$links = '';
	foreach ( array_keys($folders) as $id )
	{
		$label = $this->build_foldertree( $id, $folders );
		$links .= "<li><a href=\"{$link}$id\">" . $label . "</a></li>\n";
	}

	$xtpl = new XTemplate( './skins/' . $this->skin . '/AdminCP/gallery.xtpl' );
	$xtpl->assign( 'heading', $header );
	$xtpl->assign( 'links', $links );
	$xtpl->parse( 'FolderPick' );

	return $xtpl->text( 'FolderPick' );
}
/**
 * Render the create/edit form for a gallery folder.
 *
 * @param string $header Heading shown on the form.
 * @param string $action URL the form submits to.
 * @param array  $folder Current values for folder_name, folder_summary, folder_parent and folder_hidden.
 * @return string Rendered FolderForm block.
 */
function folder_form( $header, $action, $folder = array('folder_name' => null, 'folder_summary' => null, 'folder_parent' => 0, 'folder_hidden' => 0) )
{
	// The folder being edited, if any, is passed on as the id to leave out of
	// the parent picker.
	$f = null;
	if ( isset($this->get['f']) )
		$f = intval($this->get['f']);

	$hidden_attr = '';
	if ( $folder['folder_hidden'] )
		$hidden_attr = 'checked="checked"';

	$parent_picker = $this->folder_options( "folder_parent", true, $folder['folder_parent'], $f );

	$xtpl = new XTemplate( './skins/' . $this->skin . '/AdminCP/gallery.xtpl' );

	$xtpl->assign( 'token', $this->generate_token() );
	$xtpl->assign( 'action_link', $action );
	$xtpl->assign( 'heading', $header );
	$xtpl->assign( 'folder_name', htmlspecialchars($folder['folder_name']) );
	$xtpl->assign( 'folder_summary', htmlspecialchars($folder['folder_summary']) );
	$xtpl->assign( 'folder_options', $parent_picker );
	$xtpl->assign( 'fchecked', $hidden_attr );

	$xtpl->parse( 'FolderForm' );
	return $xtpl->text( 'FolderForm' );
}
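/**
 * Show the create-folder form, or insert the submitted folder and refresh
 * the stored folder trees.
 *
 * A submitted form must carry a valid security token. Non-admins may only
 * create folders under the root or under a folder they own, which is the
 * same set of parents folder_options() offers them.
 *
 * @return mixed Rendered form, a status message, or an error page.
 */
function create_folder()
{
	if ( isset($this->post['submit']) )
	{
		if ( !$this->is_valid_token() ) {
			return $this->error( 'Invalid or expired security token. Please go back, reload the form, and try again.' );
		}

		$name = $this->db->escape($this->post['folder_name']);
		$summary = $this->db->escape($this->post['folder_summary']);
		$parent = intval($this->post['folder_parent']);
		$hidden = isset($this->post['folder_hidden']) ? 1 : 0;

		if ( empty($name) )
			return $this->error( 'You must specify a folder name.' );

		// The parent id is chosen by the client, so the restriction applied
		// in the picker is enforced again on the server.
		if ( $parent != 0 && $this->user['user_level'] < USER_ADMIN )
		{
			$parent_row = $this->db->quick_query( "SELECT folder_user FROM {$this->pre}photofolders WHERE folder_id=$parent" );
			if ( !$parent_row || $parent_row['folder_user'] != $this->user['user_id'] )
				return $this->error( 'Access Denied: You do not own the parent folder you selected.' );
		}

		$this->db->query(
			"INSERT INTO {$this->pre}photofolders (folder_name,folder_summary,folder_parent,folder_user,folder_hidden)\n"
			. "VALUES('$name', '$summary', $parent, {$this->user['user_id']}, $hidden )"
		);

		$this->update_folder_trees();

		return $this->message( 'Create Gallery Folder', 'Folder created.', 'Continue', 'admin.php' );
	}

	return $this->folder_form( 'Create Gallery Folder', 'admin.php?a=gallery&s=createfolder' );
}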
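/**
 * Build the comma-separated ancestor chain that ends at $parent, outermost
 * ancestor first.
 *
 * The chain is walked iteratively and stops at an id already visited, so a
 * loop in the parent links ends the walk instead of recursing without bound.
 *
 * @param array $folders Map of folder id => parent id; ids with no entry or a falsy parent end the chain.
 * @param int   $parent  Id the chain ends at.
 * @return string Ids joined with commas, e.g. "1,2,3".
 */
function buildTree($folders, $parent)
{
	$chain = array();
	$seen = array();
	$current = $parent;

	while ( true )
	{
		array_unshift( $chain, $current );
		$seen[$current] = true;

		// No entry, or a falsy parent, means there is nothing further up.
		if ( !isset($folders[$current]) || !$folders[$current] )
			break;

		$next = $folders[$current];
		if ( isset($seen[$next]) )
			break;

		$current = $next;
	}

	return implode( ',', $chain );
}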
/**
 * Recompute the folder_tree column for every folder.
 *
 * Folders sharing a parent share a tree value, so one UPDATE is issued per
 * distinct folder_parent.
 */
function update_folder_trees()
{
	// Map of folder id => parent id. Folders with a falsy parent are left out.
	$parent_of = array();
	$rows = $this->db->query( "SELECT folder_id, folder_parent FROM {$this->pre}photofolders ORDER BY folder_parent" );
	while ( $row = $this->db->assoc($rows) )
	{
		if ( !$row['folder_parent'] )
			continue;
		$parent_of[$row['folder_id']] = $row['folder_parent'];
	}

	// One pass per distinct parent id.
	$groups = $this->db->query( "SELECT folder_parent FROM {$this->pre}photofolders GROUP BY folder_parent" );
	while ( $group = $this->db->assoc($groups) )
	{
		$group_parent = $group['folder_parent'];

		// Folders with a falsy parent get an empty tree.
		$tree = $group_parent ? $this->buildTree( $parent_of, $group_parent ) : '';

		$this->db->query( "UPDATE {$this->pre}photofolders SET folder_tree='$tree' WHERE folder_parent={$group_parent}" );
	}
}
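/**
 * Show the folder picker or the edit form, or apply a submitted folder edit
 * and refresh the stored folder trees.
 *
 * Only the folder owner or an admin may proceed, matching delete_folder().
 * A submitted form must carry a valid security token.
 *
 * @return mixed Rendered picker or form, a status message, or an error page.
 */
function edit_folder()
{
	$this->title( 'Edit Gallery Folder' );

	if ( !isset($this->get['f']) && !isset($this->post['f']) )
		return $this->folder_list( 'Edit which gallery folder?', 'admin.php?a=gallery&s=editfolder&f=', false );

	$f = isset($this->get['f']) ? intval($this->get['f']) : intval($this->post['f']);

	$folder = $this->db->quick_query(
		"SELECT folder_id, folder_user, folder_name, folder_summary, folder_parent, folder_hidden\n"
		. "FROM {$this->pre}photofolders\n"
		. "WHERE folder_id=$f"
	);

	if ( !$folder )
		return $this->message( 'Edit Gallery Folder', 'No such folder.' );

	// The folder id is chosen by the client, so ownership is checked before
	// the form is shown or any change is applied.
	if ( $this->user['user_level'] < USER_ADMIN && $folder['folder_user'] != $this->user['user_id'] )
		return $this->error( 'Access Denied: You do not own the folder you are trying to edit.' );

	if ( isset($this->post['submit']) )
	{
		if ( !$this->is_valid_token() ) {
			return $this->error( 'Invalid or expired security token. Please go back, reload the form, and try again.' );
		}

		$name = $this->db->escape($this->post['folder_name']);
		$summary = $this->db->escape($this->post['folder_summary']);
		$parent = intval($this->post['folder_parent']);
		$hidden = isset($this->post['folder_hidden']) ? 1 : 0;

		// The form leaves the folder itself out of the parent picker; reject
		// the same choice here so a posted value cannot create a self-loop.
		// NOTE(review): choosing a descendant as parent still creates a longer loop; not checked here.
		if ( $f != 0 && $parent == $f )
			return $this->error( 'A folder cannot be its own parent.' );

		// Non-admins may only move a folder under the root or a folder they own.
		if ( $parent != 0 && $this->user['user_level'] < USER_ADMIN )
		{
			$parent_row = $this->db->quick_query( "SELECT folder_user FROM {$this->pre}photofolders WHERE folder_id=$parent" );
			if ( !$parent_row || $parent_row['folder_user'] != $this->user['user_id'] )
				return $this->error( 'Access Denied: You do not own the parent folder you selected.' );
		}

		$this->db->query(
			"UPDATE {$this->pre}photofolders SET folder_name='$name', folder_summary='$summary', folder_parent=$parent, folder_hidden=$hidden\n"
			. "WHERE folder_id=$f"
		);

		$this->update_folder_trees();

		return $this->message( 'Edit Gallery Folder', 'Folder updated.', 'Continue', 'admin.php' );
	}

	return $this->folder_form( 'Edit Gallery Folder', "admin.php?a=gallery&s=editfolder&f=$f", $folder );
}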
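/**
 * Delete a folder and all of its descendant folders, moving their photos to
 * the root folder (id 0).
 *
 * Descendants are collected with an explicit work list and a visited set,
 * so a loop in the parent links cannot cause unbounded recursion.
 *
 * @param int $f Folder id; the root folder (0) is never deleted.
 * @return bool false when $f is 0, true otherwise.
 */
function delete_fold( $f )
{
	// The id is written into SQL text below.
	$f = intval( $f );
	if ( $f == 0 )
		return false;

	$pending = array( $f );
	$doomed = array();

	while ( $pending )
	{
		$id = array_pop( $pending );
		if ( isset($doomed[$id]) )
			continue;
		$doomed[$id] = true;

		$result = $this->db->query( "SELECT folder_id FROM {$this->pre}photofolders WHERE folder_parent=$id" );
		while ( $folder = $this->db->assoc( $result ) )
		{
			$child = intval( $folder['folder_id'] );
			// The root is never removed, and visited folders are not queued again.
			if ( $child != 0 && !isset($doomed[$child]) )
				$pending[] = $child;
		}
	}

	foreach ( array_keys($doomed) as $id )
	{
		// One statement moves every photo in the folder to the root.
		$this->db->query( "UPDATE {$this->pre}photogallery SET photo_folder=0 WHERE photo_folder=$id" );
		$this->db->query( "DELETE FROM {$this->pre}photofolders WHERE folder_id=$id" );
	}

	return true;
}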
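/**
 * Show the folder picker or the delete confirmation, or delete the chosen
 * folder once the confirmation is submitted.
 *
 * Only the folder owner or an admin may proceed, and the deletion requires
 * a valid security token.
 *
 * @return mixed Rendered picker or confirmation, a status message, or an error page.
 */
function delete_folder()
{
	if ( !isset($this->get['f']) && !isset($this->post['f']) )
		return $this->folder_list( 'Delete which gallery folder?', 'admin.php?a=gallery&s=deletefolder&f=', false );

	$f = isset($this->get['f']) ? intval($this->get['f']) : intval($this->post['f']);

	$folder = $this->db->quick_query( "SELECT folder_name, folder_user FROM {$this->pre}photofolders WHERE folder_id=$f" );

	if ( !$folder )
		return $this->message( 'Delete Gallery Folder', 'No such folder.' );

	if ( $this->user['user_level'] < USER_ADMIN && $folder['folder_user'] != $this->user['user_id'] )
		return $this->error( 'Access Denied: You do not own the folder you are trying to delete.' );

	// Every other handler in this class reads "submit" from the post data.
	// NOTE(review): the query-string check is kept as well, because the
	// FolderDelete template's form method is not visible here; confirm and drop one.
	if ( !isset($this->get['submit']) && !isset($this->post['submit']) )
	{
		$count = $this->db->quick_query(
			"\nSELECT COUNT(photo_id) as count\n"
			. "FROM {$this->pre}photogallery\n"
			. "WHERE photo_folder=$f"
		);

		$xtpl = new XTemplate( './skins/' . $this->skin . '/AdminCP/gallery.xtpl' );

		$xtpl->assign( 'token', $this->generate_token() );
		// A single-quoted string does not interpolate, so the id is appended once.
		$xtpl->assign( 'action_link', 'admin.php?a=gallery&s=deletefolder&f=' . $f );
		// Folder names are user-supplied text: escape before placing in markup.
		$xtpl->assign( 'folder_name', htmlspecialchars($folder['folder_name']) );
		$xtpl->assign( 'folder_id', $f );
		$xtpl->assign( 'count', $count['count'] );

		$xtpl->parse( 'FolderDelete' );
		return $xtpl->text( 'FolderDelete' );
	}

	if ( !$this->is_valid_token() ) {
		return $this->error( 'Invalid or expired security token. Please go back, reload the form, and try again.' );
	}

	// delete_fold() refuses the root folder (id 0) and reports that as failure.
	if ( !$this->delete_fold($f) )
		return $this->message( 'Delete Gallery Folder', 'Could not delete folder.' );

	return $this->message( 'Delete Gallery Folder', 'The folder has been deleted.', 'Continue', 'admin.php' );
}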
}
?>